The next interesting item is the Target Metadata. The timestamps shown here belong to the target executable, in this case cmd.exe, as it existed on the system of the person who created this .LNK file.

In conclusion, we have four artefacts tied to the workstation on which this .LNK was created that can be used to track a threat actor:

Hard disk serial number: 60BDBF2D

Volume ID: C2CC139818B9E241824054A8ADE20A9A

Machine ID: 123-¯ª

MAC address: 00:0C:29:5A:39:04
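
As an added example (not from the original post and not lnkanalyzer's code), this Python code shows where three of these artefacts sit in the file: the TrackerDataBlock defined in MS-SHLLINK holds the machine ID, the volume ID, and a file GUID whose node field carries the MAC address. The signature scan, the function names, the `ANALYSIS-VM` machine name and the sample GUID are assumptions constructed for illustration; the volume ID and MAC address are the values listed above.

```python
import struct
import uuid

# TrackerDataBlock header: BlockSize=0x60, BlockSignature=0xA0000003, Length=0x58
TRACKER_HEADER = struct.pack("<III", 0x60, 0xA0000003, 0x58)

def parse_tracker_block(lnk_bytes):
    """Return the workstation-identifying fields of a .LNK tracker block, or None."""
    start = lnk_bytes.find(TRACKER_HEADER)  # signature scan, not a full ExtraData walk
    if start < 0 or len(lnk_bytes) - start < 0x60:
        return None  # block stripped or file truncated
    block = lnk_bytes[start:start + 0x60]
    # Offset 16: NetBIOS name of the creating machine, NUL-padded, in its own code page
    machine_id = block[16:32].split(b"\x00", 1)[0].decode("latin-1")
    # Offset 32: Droid (volume GUID + file GUID); offset 64: DroidBirth, same layout
    file_guid = uuid.UUID(bytes_le=block[48:64])
    result = {
        "machine_id": machine_id,
        "volume_id": block[32:48].hex().upper(),  # raw bytes in file order
        "file_id": str(file_guid),
        "moved_since_creation": block[32:64] != block[64:96],
        "mac": None,
    }
    # Only a version 1 (time-based) GUID embeds a node; the multicast bit marks
    # a randomly generated node rather than a real network adapter address.
    if file_guid.version == 1:
        node = file_guid.node.to_bytes(6, "big")
        result["mac"] = ":".join(f"{b:02X}" for b in node)
        result["mac_is_random"] = bool(node[0] & 0x01)
    return result

def build_sample():
    """Constructed sample: a stub header followed by one tracker block."""
    volume = bytes.fromhex("C2CC139818B9E241824054A8ADE20A9A")  # Volume ID from the post
    file_guid = uuid.UUID(fields=(0x1A2B3C4D, 0x5E6F, 0x11E7, 0x82, 0x40,
                                  0x000C295A3904))  # constructed v1 GUID, MAC from the post
    droid = volume + file_guid.bytes_le
    machine = b"ANALYSIS-VM".ljust(16, b"\x00")  # placeholder name, not from the post
    return (b"L\x00\x00\x00" + b"\x00" * 72 + TRACKER_HEADER
            + struct.pack("<I", 0) + machine + droid + droid)

if __name__ == "__main__":
    for key, value in parse_tracker_block(build_sample()).items():
        print(f"{key}: {value}")
```

The same fields can be compared across samples: two .LNK files sharing a machine ID, volume ID and MAC address were most likely built on the same workstation.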

Didier Stevens created a comprehensive screencap on how to extract the .LNK file from the Word document and analyze it with lnkanalyzer.exe: